CEH_ Official Certified Ethical Hacker Review Guide_ Exam 312-50 - Kimberly Graves [56]
The types of DNS spoofing techniques are as follows:
■ Intranet spoofing-acting as a device on the same internal network
■ Internet spoofing-acting as a device on the Internet
■ Proxy server DNS poisoning-modifying the DNS entries on a proxy server so the user is redirected to a different host system
■ DNS cache poisoning-modifying the DNS entries on any system so the user is redirected to a different host
Hacking Tools
EtherFlood is used to flood an Ethernet switch with traffic to make it revert to a hub. By doing this, a hacker is able to capture all traffic on the network rather than just traffic going to and from their system, as would be the case with a switch.
Dsniff is a collection of Unix-executable tools designed to perform network auditing as well as network penetration. The following tools are contained in dsniff: filesnarf, mailsnarf, msgsnarf, urlsnarf, and webspy. These tools passively monitor a vulnerable shared network (such as a LAN where the sniffer sits behind any exterior firewall) for interesting data (passwords, e-mail, files, and so on).
Sshmitm and webmitm implement active man-in-the-middle attacks against redirected Secure Shell (SSH) and HTTPS sessions.
Arpspoof, dnsspoof, and macof work on the interception of switched network traffic that is usually unavailable to a sniffer program because of switching. To get around the layer 2 packetswitching issue, dsniff spoofs the network into thinking that it's a gateway that data must pass through to get outside the network.
IP Restrictions Scanner (IRS) is used to find the IP restrictions that have been set for a particular service on a host. It combines ARP poisoning with a TCP stealth or half-scan technique and exhaustively tests all possible spoofed TCP connections to the selected port of the target. IRS can find servers and network devices like routers and switches and identify access-control features like access control lists (ACLs), IP filters, and firewall rules.
sTerm is a Telnet client with a unique feature: It can establish a bidirectional Telnet session to a target host, without ever sending the real IP and MAC addresses in any packet. Using ARP poisoning, MAC spoofing, and IP spoofing techniques, sTerm can effectively bypass ACLs, firewall rules, and IP restrictions on servers and network devices.
Cain & Abel is a multipurpose hacking tool for Windows. It allows easy recovery of various kinds of passwords by sniffing the network; cracking encrypted passwords using dictionary, bruteforce; recording VoIP conversations; decoding scrambled passwords; revealing password boxes; uncovering cached passwords; and analyzing routing protocols. The latest version contains a lot of new features like ARP Poison Routing (APR), which enables sniffing on switched LANs and man-in-the-middle attacks. The sniffer in this version can also analyze encrypted protocols such as SSH-1 and HTTPS, and it contains filters to capture credentials from a wide range of authentication mechanisms.
Packet Crafter is a tool used to create custom TCP/IP/UDP packets. The tool can change the source address of a packet to do IP spoofing and can control IPflags such as checksums and TCP flags such as the state flags, sequence numbers, and ack number.
SMAC is a tool to change the MAC address of a system. It lets a hacker spoof a MAC address when performing an attack.
MAC Changer is a tool used to spoof a MAC address on Unix. It can be used to set the network interface to a specific MAC address, set the MAC randomly, set a MAC of another vendor, set another MAC of the same vendor, set a MAC of the same kind, or even to display a vendor MAC list to choose from.
WinDNSSpoof